Bug 182632

Summary: selinux-policy-2.2.20-1 prevents me from running vpnc
Product: [Fedora] Fedora Reporter: Nalin Dahyabhai <nalin>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-03-08 21:00:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 150222    

Description Nalin Dahyabhai 2006-02-23 19:26:25 UTC 
Description of problem:
With the latest version of the SELinux policy installed, vpnc appears to hang
when I run it.  Under strace, I can tell that it attempted to prompt me for
information which wasn't in its configuration file, and is waiting for me to
respond, but the prompt didn't make it to the console (/dev/tty2).

Version-Release number of selected component (if applicable):
2.2.20-1

How reproducible:
Always

Steps to Reproduce:
1. Install vpnc.
2. Log in on a text console as 'root'.
3. Run vpnc.
  
Actual results:
Nothing happens.  The command appears to hang.

Expected results:
vpnc should prompt me for the address of my VPN concentrator.

Additional info:
This appears to have broken somewhere between 2.2.12 and 2.2.17.  The avc
denials which are logged are all for this av:
type=AVC msg=audit(1140722662.992:753): avc:  denied  { use } for  pid=31422
comm="vpnc" name="tty2" dev=tmpfs ino=1199
scontext=root:system_r:vpnc_t:s0-s0:c0.c255
tcontext=system_u:system_r:local_login_t:s0-s0:c0.c255 tclass=fd
Comment 1 Daniel Walsh 2006-02-23 19:46:10 UTC 
Fixed in Fedora/selinux-policy-2.2.21-2.noarch.rpm
Comment 2 Nalin Dahyabhai 2006-02-23 19:46:44 UTC 
Confirmed.